Infrastructure for a secure interface between wireless and wired networks
Infrastructure for a Secure Interface between Wireless and Wired Networks. Chen-Nee Chuah & Mark D. Spiller CS 261, Dec. 4, 1998. Mobile Services & Issues. Envisioned Service Types: How does one integrate the security of the wireless system and the (wire-based) services?

Infrastructure for a Secure Interface between Wireless and Wired Networks

Chen-Nee Chuah & Mark D. Spiller

CS 261, Dec. 4, 1998


Mobile Services & Issues

  • Envisioned Service Types:

  • How does one integrate the security of the wireless system and the (wire-based) services?

  • What levels of trust are possible, and with whom?


GSM Overview

  • Phone company authenticates and sets up encrypted connection before any data transfer.

  • Shared secret between SIM and AS allows the setup of a secure link between the BS and the mobile unit.

  • BS is trusted per session by handset and AS.

  • GSM’s security assumed sufficient.

[Diagram: GSM Network with AS, BS and SIM. AS: {Ki, IMSI}; SIM: {Ki, IMSI}. Messages: 1. {IMSI/TMSI}; 2. {Rand, SRES, Kc}; 3. {Rand}; 4. {SRES}. Link labelled "Encrypted with Kc".]
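The four-message exchange on this slide, as an added example that is not part of the original presentation. HMAC-SHA256 stands in for GSM's A3/A8 algorithms, and the class names, IMSI and keys are constructed for illustration.

```python
import hashlib, hmac, secrets

# Stand-ins for GSM's A3/A8 algorithms (assumption: HMAC-SHA256 is used only
# so the example runs; it is not what a real SIM or AS computes).
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]  # 32-bit SRES

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]  # 64-bit Kc

class AuthStation:
    """AS: holds {Ki, IMSI} for every subscriber."""
    def __init__(self, subscribers):
        self.subscribers = subscribers
    def triplet(self, imsi):
        # Message 2: answer the forwarded {IMSI} with {Rand, SRES, Kc}.
        ki = self.subscribers[imsi]
        rand = secrets.token_bytes(16)
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)

class Sim:
    """SIM: holds {Ki, IMSI}; Ki never leaves the card."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand):
        # Message 4: SRES for the challenge, plus the locally derived Kc.
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class BaseStation:
    """BS: never sees Ki, but is handed Kc, so it is trusted for the session."""
    def __init__(self, auth_station):
        self.auth_station = auth_station
    def authenticate(self, sim):
        rand, expected, kc = self.auth_station.triplet(sim.imsi)  # messages 1, 2
        sres, sim_kc = sim.respond(rand)                          # messages 3, 4
        if not hmac.compare_digest(sres, expected):
            return None            # wrong Ki: no session, no Kc released
        return kc, sim_kc          # both ends now hold the same Kc

def run_demo():
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    imsi = "001010000000001"                                # constructed IMSI
    bs = BaseStation(AuthStation({imsi: ki}))
    good = bs.authenticate(Sim(imsi, ki))
    bad = bs.authenticate(Sim(imsi, bytes(16)))             # SIM with wrong Ki
    return good, bad
```

The BS ends up holding Kc in plaintext for every session it serves, which is the per-session trust in the BS that the slide describes.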


Ideal GSM Service Interface

  • Ideal Case: Separate secret and encrypted link to SG

  • AS/BS provide connection, but not trusted

  • Not feasible with current GSM infrastructure

Components:

  • Handsets/SIM

  • Base Station (BS)

  • Authentication Station (AS)

  • Service Gateway (SG)

  • Intermediate proxies?

  • Services (S)

[Diagram: GSM Network with AS, BS, SG and services (S). AS: {Ki1, SRES1, Kc}; SG: {Ki1, SRES1, Kc}; SIM: {{Ki1, SRES1, Kc}, {Ki2, SRES2, Ks}}. Links labelled "Encrypted with Ks" and "Encrypted with Kc".]


Service Interfaces for GSM

  • Design variables, given GSM authentication, secure air channel, and existing deployed base:

    • Who connects to the SG (AS,BS)?

    • The security along that link

  • SG entrusted with Ki, re-authenticates user via some sort of re-challenge, or

  • Shared secret between phone company (AS) and SG.

  • Lack of ability to change phone forces some trust of BS

[Diagram: GSM Network with AS, BS, SG and services (S). AS: {Ki, SRES, Kc}; SIM: {Ki, SRES, Kc}. Link labelled "Encrypted with Kc".]


Service Gateway (SG) Issues

  • What is provided on the service side to

    • Authenticate the user?

    • Provide security & trust in the BS-SG and SG-S links?

  • Design variables:

    • How much do we trust SG versus the phone company?

    • What are the costs involved (e.g. backward compatibility)?

    • What are the inherent limitations (SIM cards, handsets, base stations, services)?


Service Gateway Trade-Offs

Security


Implementation of Infrastructure

Uses existing Iceberg test-bed - Changes required:

  • Additional intelligence in UPSIM (PLUS) that controls BS

    • Recognize service request and forward to IP-PAD

  • IPPAD sub-module and SG interfaces

    • Authenticate user via BS, and get ticket/key to set up encrypted channel from BS to services (Models 2 & 3).

[Diagram labels: IPPAD, BS, SG, UPSIM, S, S, Ethernet.]


Conclusions & Future Work

  • It would have been nice if service support had been designed into the GSM spec from the start.

  • We explored some solutions for secure service access, but:

    • The existing technology infrastructure & protocols are limited (e.g. double encryption (hardware/software))

      • Too much trust in the BS and phone company

        • Best case uses time-stamped session key/ticket to avoid replay attack, and password changes to revoke BS trust

    • The means of choosing and interacting with services from a phone are limited (some standard way/number/etc is needed).

  • Future Issues:

    • Compatibility between different systems.

    • How do proxies fit into the security model?


Header?

GSM

Services...

